Fortinet Endpoint-IoT Solution
Monitor, control, and protect the expanding digital attack surface.
Watch NowFortiClient
Next-Generation Endpoint Protection
Gartner 2019 Magic Quadrant for Endpoint Protection Platforms (EPP)
FortiClient Overview
Endpoints are frequently the target of initial compromise or attacks. One recent study found that 30% of breaches involved malware being installed on endpoints. FortiClient strengthens endpoint security through integrated visibility, control, and proactive defense. With the ability to discover, monitor, and assess endpoint risks, you can ensure endpoint compliance, mitigate risks, and reduce exposure. FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
FortiClient News
-
Apr 9, 2019Endpoint Solution Reference ArchitectureOrganizations of all sizes need to ensure network performance and security while the number of users, devices, and applications entering the network are drastically increasing and expanding the attack surface. The Fortinet Endpoint Solutions Reference Architecture provides a broad overview of endpoint solutions in a hybrid network ecosystem.
-
Mar 7, 2019Fortinet’s FortiClient Blocks 100 Percent Malware in NSS Labs 2019 Advanced Endpoint Test ReportFortiClient receives third-straight recommended rating in the NSS Labs AEP Group Test, offering powerful and cost-effective solution for safeguarding the growing number of endpoint devices.
-
Jul 13, 2018Reaching the Holy Grail of Integrated Endpoint and Network SecurityBe Ready to deliver network security and performance while the number of users, devices, and applications rapidly increase.
FortiClient Video
|
FortiClient Product Details:
FortiClient is more than advanced endpoint protection. As an integrated agent, FortiClient contains three key modules: Fabric Agent for security Fabric connectivity, the endpoint security modules, and the secure remote access modules. Fabric Agent shares endpoint telemetry with the Security Fabric and delivers broad endpoint visibility, compliance control, and vulnerability management. It provides advanced endpoint protection with pattern-based anti-malware, behavior-based exploit protection, web-filtering, and an application firewall. FortiClient natively integrates with FortiSandbox to detect zero-day threats and custom malware. FortiClient also provides secure remote access with built-in VPN, single-sign-on, and two-factor authentication for added security.
Features and Benefits
Broad endpoint visibility
FortiClient Fabric Agent integrates endpoints into the Security Fabric and provides endpoint telemetry, including user identity, protection status, risk scores, unpatched vulnerabilities, security events, and more.
Endpoint compliance and vulnerability management
Reduce the endpoint attack surface and manage endpoint-borne risk.
Vulnerability scanning with flexible patching options. Detect and enforce endpoint compliance.
Proactive endpoint defense
Anti-exploit, sandbox integration, and behavior and pattern-based malware detection proactively detect and block malware, malicious scripts, document-based, and other advanced attacks.
Automated threat containment
Integration with the Security Fabric enables automated response. Mitigate unpatched vulnerabilities, alert users, and quarantine risky or compromised endpoints to stem an outbreak.
Secure remote access
Reliable, simple, and secure remote access with built-in, always-on VPN, with the added security of two-factor authentication, plus single-sign-on capabilities.
Easy to deploy and manage
Easy to deploy and manage Modular and light-weight endpoint agents are centrally managed with the Enterprise Manager Server (EMS).
Fabric Agent is compatible with Fabric-Ready endpoint security solutions.
Please see the product datasheet for more information these and many more Product features.
FortiClient Features and Specifications
FortiClient contains the following key modules: Fabric Agent for Security Fabric connectivity, the endpoint security modules, and the secure remote access modules. FortiClient integrates with many key components of the Fortinet Security Fabric and is centrally managed by the Enterprise Management Server (EMS).
▼
Endpoint telemetry for visibility
FortiClient shares endpoint telemetry with the Security Fabric to ensure unified endpoint awareness and deliver integrated endpoint and network security. Endpoint information shared includes device information, OS, security status, vulnerabilities, events, and user ID.
Dynamic access control for compliance enforcement
EMS creates virtual groups based on endpoint security posture. These virtual groups are then retrieved by FortiGate and used in firewall policy for dynamic access control. Dynamic groups help automate and simplify compliance for security policies.
Automation/host quarantine
Automates policy-based response when triggered by security events. For example, automatically quarantine a suspicious or compromised endpoint to contain incidents and prevent outbreaks.
Vulnerability scanning and patching
Ensures endpoint hygiene and hardens endpoints to reduce the attack surface. Identifies vulnerable endpoints and prioritizes unpatched OS and software vulnerabilities with flexible patching options including auto-patching.
Software inventory
Provides visibility of installed software. In addition to managing licenses, software inventory can improve security hygiene. When software installed is not required for business purposes, it unnecessarily introduces potential vulnerabilities, and thereby increases the likelihood of compromise.
Administrators can leverage inventory information to detect and remove unnecessary or outdated applications that are potentially vulnerable to reduce the attack surface.
Anti-malware
Anti-malware leverages FortiGuard Content Pattern Recognition Language (CPRL), machine learning, and AI to protect endpoint against malware. The pattern-based CPRL is highly effective in detecting and blocking polymorphic malware. It also blocks attack channels and malicious websites.
Anti-exploit
Protects against advanced threats exploiting zero-day and unpatched vulnerabilities. This signature-less and behavioral-based technology detects and blocks memory violation techniques. It shields web browsers, java/flash plug-ins, office applications, PDF readers, load library, and script interpreters from exploit-based attacks.
Web filtering
Powered by FortiGuard research, the web filtering function monitors all web browser activities to enforce web security and acceptable usage policy with 75+ categories. It works across all supported operating systems and works with Google SafeSearch. The endpoint web filtering profile can be synchronized from FortiGate for consistent policy enforcement. Admins can set black/white lists, on-/off-net policies, and import FortiGate web filtering policies for consistent enforcement.
FortiClient now supports a web filter plugin that improves detection and enforcement of web filter rules on HTTPS sites with encrypted traffic.
Application firewall
Provides the ability to monitor, allow, or block application traffic by categories. It uses the same categories as FortiGate, enabling consistent application traffic control. It leverages FortiGuard anti-botnet, IPS, and application control intelligence and can prevent the use of unwanted applications including proxy apps and HTTPS messaging apps.
Sandbox integration
FortiClient natively integrates with FortiSandbox. FortiClient automatically submits files to the connected FortiSandbox for real-time analysis. Sandbox analysis results are automatically synchronized with EMS. Administrators can see detailed information and behavior activities of submitted objects including graphic visualization of the full process tree.
FortiSandbox Cloud support
FortiClient now offers a license that includes a FortiSandbox Cloud subscription. Licensed endpoints running FortiClient 6.2.0 can now use the FortiSandbox Cloud service for deep inspection of zero-day threats.
Cloud-based threat detection
Protects against emerging threats with real-time threat intelligence powered by FortiGuard.
Schools continues to enhance their technologies in the curriculum and the adoption of personal devices such as Chromebook are increasingly commonplace. Schools are required to be in compliance with Children’s Internet Protection Act (CIPA) and protect students from harmful content while browsing the Internet.
Consistent web filtering policy enforcement on- and off- campus
Powered by FortiGuard research, the web filtering function monitors all web browser activities to enforce web security and acceptable usage policy with 75+ categories and supports Google SafeSearch:
- Support safe browsing for K-12 on and off campus; no reverse proxy or VPN required
- Categorizes more than 43 million rated websites, and 2 billion+ web pages
- Consistent with web filtering policy on FortiGate
- Works with Google safe search and supports custom Black/White lists
- Monitor all web browser activity including HTTPS
Easy to deploy, simple to use
- Integrated with Google G Suite Admin Console for Management
- Deployment from within G Suite admin console and Google Chrome Web Store. It allows administrators to manage apps and extensions on Chromebooks, making it a scalable process.
- Single-Sign-On with Google Credentials without requiring additional Captive Portal Login
Flexible detailed logging and reporting
- Identify Students logged into Chromebooks and apply appropriate policies that is grade-level appropriate.
- Also supports the “cart system” where devices are not specifically assigned to one user.
Check the solution brief.
FortiClient leverages the Security Fabric Architecture and integrates with many Security Fabric components:
FortiSandbox
FortiClient natively integrates with FortiSandbox. FortiClient automatically submits files to the sandbox for real-time analysis. Real-time threat intelligence from FortiSandbox is instantly shared across the enterprise.
FortiSandbox Cloud
FortiClient offers an optional FortiSandbox Cloud subscription. Licensed endpoints running FortiClient 6.2.0 can now use the FortiSandbox Cloud service for deep inspection of zero-day threats.
FortiGate
FortiClient shares endpoint telemetry with FortiGate enterprise firewalls to enforce endpoint security compliance. FortiClient telemetry also contributes to the security rating. The diverse VPN client provides secure remote access.
FortiClient web filtering policy can be automatically synchronized with the FortiGate Web Filter profile
FortiGate EMS connector
EMS shares endpoint groups with FortiGate via the EMS connector. EMS dynamically updates these endpoint groups when host compliance or other events happen. Users can combine the endpoint groups with FortiGate firewall policies to provide dynamic access control based on endpoint status.
FortiAnalyzer/FortiManager/FortiSIEM
In addition to endpoint telemetry, FortiClient sends logs including traffic, vulnerability, software inventory, and events for the network operation center (NOC) and security operation center (SOC) for threat analysis and forensic investigation.
FortiAuthenticator
Enables secure sign-on (SSO) and two-factor authentication.
VPN
FortiClient uses SSL and IPsec VPN to provide secure and reliable access to the corporate network. Two-factor authentication can also be leveraged for additional security. Features such as always-on, auto-connect, dynamic VPN gateway selection and split-tunneling, result in optimized user experience and security.
Single sign-on
It integrates with FortiAuthenticator identity and access management service to provide single sign-on.
EMS provides central management of Windows, Mac, Linux, iOS, Android, and Chromebook devices.
Features include remote endpoint deployment, client provisioning, Windows AD integration, real-time endpoint status, vulnerability dashboard, software inventory, quarantine management, alerts, and more.
Windows AD integration helps sync organizations’ AD structure into EMS so same OUs can be used for endpoint management. Realtime Endpoint Status always provides current information on endpoint activity & security events.
Centralized FortiClient deployment and provisioning that allows administrators to remotely deploy endpoint software and perform controlled upgrades. Makes deploying FortiClient configuration to thousands of clients an effortless task with a click of a button.
Vulnerability dashboard helps manage organizations attack surface. All vulnerable endpoints are easily identified for administrative action.
Sandbox detection results are automatically synchronized with EMS and detailed analysis of FortiClient submitted files for behavior-based detection is accessible in EMS. Administrators can see analysis details and behavior activities of a file including graphic visualization of full process tree.
Dynamic endpoint grouping and EMS connector (endpoint compliance)
As part of the Security Fabric, users can now configure categorization rules on EMS to dynamically group/tag FortiClient Fabric Agent endpoints. These endpoint groups are automatically shared with FortiGate. EMS dynamically updates these endpoint groups based on the real-time endpoint status, event, and security posture.
| Windows | MAC OS X | Linux | Android | iOS | Chromebook | |
|---|---|---|---|---|---|---|
| FABRIC AGENT | ||||||
| Endpoint telemetry - visibility | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Compliance enforcement | ✔ | ✔ | ✔ | ✔ | ✔ | |
| Host quarantine | ✔ | ✔ | ||||
| Vulnerability management | ✔ | ✔ | ✔ | |||
| Application inventory | ✔ |
✔ |
✔ | |||
| Secure Access | ||||||
| VPN | ✔ | ✔ | ✔* | ✔ | ✔ | |
| SSO | ✔ | ✔ | ||||
| Endpoint Protection | ||||||
| Anti-malware | ✔ | ✔ | ✔ |
|||
| Anti-exploit | ✔ | |||||
| Sandbox integration | ✔ | partial** | ||||
| Web filtering | ✔ | ✔ | ✔ | ✔ | ✔ | |
| Application firewall | ✔ | ✔ |
Our Customers Emphasize the Value of FortiClient in Gartner Peer Insights Reviews
FortiClient is more than endpoint protection. It strengthens enterprises overall security by integrating endpoints with network security and delivering continuous visibility and risk assessment of the endpoints. It supports proactive defense with vulnerability scanning, patching, compliance control and secure remote access.
Many enterprise customers realize the power and effectiveness of FortiClient and have provided positive feedback on Gartner Peer Insights. Read what end users say about our FortiClient Security Fabric Agent.
★★★★★
“Powerful Endpoint Protection For Your Corporate Devices”
Senior Consultant IT in the Manufacturing Industry
“This is a solid all-in-one security product that we use to protect our corporate endpoints. The reason for our investment in this product was that we were looking for enhanced security features such as application control and web-filter for our Internet connected endpoints. Since we already had invested a lot in other Fortinet security products, we decided to also implement the FortiClient Endpoint Protection features and that is a decision we do not regret. With FortiClient we got a lot more than just the security features we needed. One of the greatest values was the ease of management and overview of our endpoints. This includes the vulnerability scanner and software inventory that comes with the latest version, which provides us with an overall threat summary of vulnerabilities on our endpoints.”
★★★★★
“Best VPN Client, AV and Vulnerability Management Client”
Cyber Security Leader in the Manufacturing Industry
“Fortinet is extremely easy to work with and their support is excellent. The integration of FortiClient with the overall Fortinet ecosystem is a large advantage for us.”
★★★★★
“Next Generation Endpoint. Lovely Telemetry and Compliance Function”
IT Manager in the Healthcare Industry
“FortiClient brings better endpoint visibility and total control. It knows endpoint vulnerability and only grants endpoint that has minimum requirement.”
★★★★★
“An Excellent Multifunctional VPN, AntiVirus & Web Filtering Client”
Networks & Infrastructure Manager in the Construction Industry
“We deployed FortiClient to replace multiple products from other vendors. It combines multiple functions, VPN, AV, Application Firewall, Web Filtering [additionally, it integrates with] our Security Fabric, Telemetry & Compliance enforcement.”
★★★★★
“Fully Featured EPP Which Was Extremely Easy To Roll Out And Manage”
IT Services Manager in the Education Industry
"A huge bonus is the compliance feature which will scan all programs installed on the endpoint and report back on whether that particular version of the program has vulnerabilities.”
★★★★★
“Integration FortiClient That Supports Our Work Stations”
IT Support in the Transportation Industry
“It is a very good product and the best thing is that it is integrated into a solution with both the [endpoint and] firewall, generating greater security of our workstations.”
For more Peer Insight reviews on FortiClient, click here.
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.
FortiClient Use Cases
FortiClient is more than just an advanced endpoint protection solution with a built-in VPN client. It connects the endpoint with the Security Fabric and delivers integrated endpoint and network security. With the modular design, users can deploy FortiClient for some or all of the use cases.
Security Fabric Integration—Endpoint Visibility and Compliance Control
FortiClient ensures endpoint visibility and compliance throughout the Security Fabric and integrates endpoint and network security with automation and segmentation. FortiClient shares endpoint telemetry with the Security Fabric, enabling unified endpoint awareness.
In addition, it is also compatible with third-party anti-malware or endpoint detection and response (EDR) solutions.
Endpoint Hardening
99% of the vulnerabilities exploited continue to be ones known by security and IT at the time of the incident. FortiClient enables vulnerability scanning with automated patching, software inventory, and application firewall to help reduce the attack surface and boost overall security hygiene.
As part of the telemetry shared throughout the Security Fabric, endpoint vulnerability information allows network security operations teams to take additional measures, such as dynamic access control, to help secure the environment.
The FortiClient vulnerability dashboard delivers detailed information including category, severity, and can pinpoint the affected endpoints.
The FortiClient enterprise management console shows detailed analysis from FortiSandbox.
Advanced Endpoint Protection
Secure endpoints with machine learning antimalware and behavioral-based anti-exploit. Sandbox integrations detect advanced threats, customer malware, and script-based, file-less attacks. Application firewall, intrusion prevention system (IPS), botnet protection, and web content filtering provides additional layers of protection.
FortiClient also natively integrates with FortiSandbox. It can block the execution of any never-before seen file and automatically submit them to the sandbox for real-time analysis. Real-time threat intelligence from FortiSandbox is instantly shared across the enterprise to all endpoints.
Secure Remote Access
Ensure secure remote access with always-on, SSL/IPsec VPN that supports network segmentation, conditional admission, and integrates with FortiAuthenticator for single sign on, and multi-factor authentication.
FortiClient leverages FortiGuard threat intelligence research and services
Antivirus
FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.
IP Reputation & Anti-botnet Security
The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.
Application Control
Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.
Intrusion Prevention
FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.
Web Filtering
Protects your organization by blocking access to malicious, hacked, or inappropriate websites.
▼
Solution Guides
White Papers
FortiClient Enterprise Management Server (EMS) Demo
Securing your endpoints against today’s threats on a myriad of devices can be quite a challenge for a number of reasons. Managing separate endpoint features is complex and time-consuming. Disparate security products don’t share intelligence, resulting in slow threat response. And, lack of IT expertise to effectively administer endpoint security can let threats into your network. FortiClient delivers easy-to-manage, automated, fully customizable endpoint security for a broad set of devices, removing those challenges.
NSS Labs 2019 Advanced Endpoint Protection (AEP) Test
The NSS Labs AEP group test evaluates products for security effectiveness, performance, and total cost of ownership (TCO). These products include endpoint security technologies that combine the protective capabilities of anti-threat products with the detection, investigation, and prevention capabilities of endpoint security products. FortiClient with integrated FortiSandbox earned a “Recommended” rating for the third year in a row. Fortinet achieved an average security effectiveness of over 97.65%, proven resistant to all evasion techniques with zero false positives, and low TCO.
NSS Labs 2018 Advanced Endpoint Protection (AEP) Test
The NSS Labs AEP group test evaluates products for security effectiveness, performance, and total cost of ownership (TCO). These products include endpoint security technologies that combine the protective capabilities of anti-threat products with the detection, investigation, and prevention capabilities of endpoint security products. FortiClient with integrated FortiSandbox earned a “Recommended” rating with average security effectiveness of over 97.3%, zero false positives, and low TCO.
NSS Labs Breach Prevention Systems (BPS) Test 2017
NSS Labs introduced a new group test, BPS focused on detecting and blocking exploits, advanced malware, and evasions. This helps validate the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Security Fabric consisting of FortiSandbox, FortiGate, FortiMail, and FortiClient integrated together, earned a Recommended award by achieving a block rate of 99.6% and offering the lowest 3-year TCO.
FortiClient Ecosystem
FortiClient provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiClient Alliance Partners:
Carbon Black
Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals from IR firms, MSSPs, and enterprises to shift the balance of power back to security teams.
D3 Security
D3 Security's award-winning SOAR platform seamlessly combines security orchestration, automation and response with enterprise-grade investigation/case management, trend reporting and analytics. With D3's adaptable playbooks and scalable architecture, security teams can automate SOC use-cases to reduce MTTR by over 95%, and manage the full lifecycle of any incident or investigation.
InfoBlox
Infoblox is leading the way to next-level DDI with its Secure Cloud-Managed Network Services. Infoblox brings next-level security, reliability and automation to cloud and hybrid systems, setting customers on a path to a single pane of glass for network management. Infoblox is a recognized leader with 50 percent market share comprised of 8,000 customers, including 350 of the Fortune 500.
McAfee
McAfee is one of the world’s leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place.
SentinelOne
SentinelOne is shaping the future of endpoint security with an integrated platform that unifies the detection, prevention and remediation of threats initiated by nation states, terrorists, and organized crime. SentinelOne’s unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviors, protecting devices against advanced, targeted threats in real time.
Symantec
Symantec Corporation (NASDAQ:SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. The partnership with Fortinet combines Symantec’s endpoint protection leadership with Fortinet’s best-in-class network security and Fabric integration to deliver unparalleled security protection.
Wandera
Wandera’s mobile security suite provides multi-level protection against cyber threats for users, endpoints, and corporate applications. Customers taking advantage of the technical alliance between Fortinet and Wandera can enforce policies that are consistent on both sides of the perimeter.
